docker / build-push-action

GitHub Action to build and push Docker images with Buildx
https://github.com/marketplace/actions/build-and-push-docker-images
Apache License 2.0
4.13k stars 532 forks

Version 4.2.0 messed up with the json from the metadata action #956

Closed mamutmk5 closed 10 months ago

mamutmk5 commented 10 months ago

Contributing guidelines

I've found a bug, and:

Description

After version 4.2.0 came out, our pipelines fail if we use docker/build-push-action@v4, so we had to pin it to version 4.1.1. There is some issue with interpreting the JSON given by docker/metadata-action@v4.

Expected behaviour

The action works with the metadata generated by docker/metadata-action@v4

Actual behaviour

If we use it with the we get
Run docker/build-push-action@v4
GitHub Actions runtime token ACs
Docker info
Error: Unexpected token { in JSON at position 253

Repository URL

https://github.com/hpi-schul-cloud/schulcloud-server

Workflow run URL

https://github.com/hpi-schul-cloud/schulcloud-server/actions/runs/6120036347/job/16611111071

YAML workflow

---
name: push workflow

on:
  push:
    branches-ignore:
      - dependabot/**
  pull_request:
    types: [labeled]

permissions:
  contents: read

jobs:
  build_and_push:
    # this basically means do not execute it as dependabot unless it is labeled as ready-for-ci
    # because automated processes and pr from forks are dangerous, therefore those prs won't have access to secrets, labeling them acts like allow-listing them
    # more details here https://docs.github.com/en/rest/dependabot/secrets?apiVersion=2022-11-28
    # even when re-running an action manually the actor stays the same as of mid 2022, details here https://github.blog/changelog/2022-07-19-differentiating-triggering-actor-from-executing-actor/

    #https://github.com/actions/runner/issues/1173#issuecomment-1354501147 when false equals true, you have to come up with something ...
    if: |
      (github.actor == 'dependabot[bot]' &&
      contains(github.event.issue.labels.*.name, 'ready-for-ci') == 'true') ||
      github.actor != 'dependabot[bot]'
    runs-on: ubuntu-latest
    needs:
      - branch_meta
    permissions:
      packages: write
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Login to registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Docker meta Service Name
        id: docker_meta_img
        uses: docker/metadata-action@v4
        with:
          images: ghcr.io/${{ github.repository }}
          tags: |
            type=ref,event=branch,enable=false,priority=600
            type=sha,enable=true,priority=600,prefix=
      - name: test image exists
        run: |
          mkdir -p ~/.docker 
          echo '{"experimental": "enabled"}' >> ~/.docker/config.json
          echo "IMAGE_EXISTS=$(docker manifest inspect ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }} > /dev/null && echo 1 || echo 0)" >> $GITHUB_ENV
      - name: Set up Docker Buildx
        if: ${{ env.IMAGE_EXISTS == 0 }}
        uses: docker/setup-buildx-action@v2

      - name: Build and push ${{ github.repository }}
        if: ${{ env.IMAGE_EXISTS == 0 }}
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          push: true
          tags: ghcr.io/${{ github.repository }}:${{ needs.branch_meta.outputs.sha }}
          labels: ${{ steps.docker_meta_img.outputs.labels }}

Workflow logs

log.txt

BuildKit logs

No response

Additional info

No response

crazy-max commented 10 months ago

It seems linked to https://github.com/docker/build-push-action/pull/872, where your Docker config in ~/.docker/config.json is not valid JSON.

You altered the content of the config in the "test image exists" step, and more precisely:

echo '{"experimental": "enabled"}' >> ~/.docker/config.json

You append {"experimental": "enabled"} to it, which would break the configuration if the file already exists and has an existing configuration.

Also experimental is not supported anymore in the cli configuration iirc (cc @thaJeztah) so you can just remove this line in your workflow imo.

About the error message, I will make some changes to make it clear it's an issue parsing the configuration and also warn if there is an issue instead.
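The failure mode described in this comment, as an added example that is not the action's own code or part of the original thread: appending a second JSON object to an existing config.json makes the whole file unparseable, while a parse, modify, rewrite edit keeps the existing entries. The function names, the temporary path and the sample credential entry are constructed for illustration; the tolerant reader only mirrors the "warn instead of fail" behaviour the maintainer mentions.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

// Read a Docker CLI config tolerantly: a malformed file yields a warning
// and an empty config instead of an exception that aborts the build.
function readDockerConfig(file) {
  if (!fs.existsSync(file)) return { config: {}, warning: null };
  const raw = fs.readFileSync(file, 'utf8');
  try {
    const parsed = JSON.parse(raw);
    if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
      return { config: {}, warning: `${file}: top-level value is not an object` };
    }
    return { config: parsed, warning: null };
  } catch (err) {
    return { config: {}, warning: `${file}: malformed JSON (${err.message})` };
  }
}

// Set one key by parse -> modify -> rewrite. Refuses to touch a file that
// does not parse, so existing entries (auths, proxies) are never clobbered.
function setConfigKey(file, key, value) {
  const { config, warning } = readDockerConfig(file);
  if (warning) throw new Error(warning);
  config[key] = value;
  const tmp = `${file}.tmp`;
  fs.writeFileSync(tmp, JSON.stringify(config, null, 2) + '\n', { mode: 0o600 });
  fs.renameSync(tmp, file); // atomic replace on the same filesystem
}

// Constructed scenario: a config left by a registry login, then edited twice.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'dockercfg-'));
  const file = path.join(dir, 'config.json');
  const existing = JSON.stringify({ auths: { 'ghcr.io': { auth: 'constructed-placeholder' } } });
  fs.writeFileSync(file, existing);
  // Equivalent of `echo '{...}' >> config.json`: two JSON documents in one file.
  fs.appendFileSync(file, '{"experimental": "enabled"}\n');
  const afterAppend = readDockerConfig(file);
  // Safe edit on a fresh copy: credentials survive and the key is added.
  fs.writeFileSync(file, existing);
  setConfigKey(file, 'experimental', 'enabled');
  const afterMerge = readDockerConfig(file);
  fs.rmSync(dir, { recursive: true, force: true });
  return { afterAppend, afterMerge };
}

console.log(JSON.stringify(demo(), null, 2));
```
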

mamutmk5 commented 10 months ago

Thank you, it's very interesting to read. We will fix it on our side and remove {"experimental": "enabled"} in this step. But I wonder why it works with version 4.1.1 of this action and no longer with version 4.2.0.

crazy-max commented 10 months ago

> But I wonder why it works with version 4.1.1 of this action and no longer with version 4.2.0.

With https://github.com/docker/build-push-action/pull/872 we now display the proxy configuration which is read from ~/.docker/config.json. I will make some changes so it will warn instead of failing.

mamutmk5 commented 10 months ago

Thank you :)

crazy-max commented 10 months ago

Should be fixed in both v4.2.1 and v4 with a warning message if config is malformed:

image